Posted
by
CmdrTaco
on Thursday March 11, 2010 @01:40PM
from the because-we-said-so dept.

Barence writes "Speaking exclusively to PC Pro, Eugene Kaspersky has claimed Apple has repeatedly refused to deliver the software development kit necessary to design security software for the phone. 'We have been in contact for two years with Apple to develop our anti-theft software, [but] still we do not have permission,' said Kaspersky. Although he admits the risk of viruses infecting the iPhone is 'almost zero,' he claims that securing the data on the handset is critical, especially as iPhones are increasingly being used for business purposes. 'I don't want to say Apple's is the wrong way of behaving, or the right way,' Kaspersky added. 'It's just a corporate culture — it wants to control everything.'"

I'm not familiar with mac development, but the "SDK" in question would basically be kernel internal functions docs/unreleased API docs, yes? There may be other reasons besides appstore control freakery that they don't want to release and/or license that out? And even if Kaspersky would reverse-engineer the necessary parts of the kernel, which they obviously could (and their employees probably already partially have, unofficially) they would be sued to hell and back if they used that data in a product (which would be obvious, since there's no other way besides the official channels to get at it)?

If there's anything we learned from the PC universe, it's that many people would rather have viruses run transparently in the background than have their machines slow to a crawl because of overbearing security suites that often don't even identify proper threats.

Having tried the iPhone, I think it's a decent gadget, but it's not fast enough to be able to take performance hits from inefficient security suites.

If there's anything we learned from the PC universe, it's that many people would rather have viruses run transparently in the background than have their machines slow to a crawl because of overbearing security suites that often don't even identify proper threats.

That's a very interesting point. Virus used to wreak havoc on the targeted computer and destroy files, reboot the machine, etc... Nowadays, all that they hope for is to be able to steal stealthily a few percent of resources and bandwidth. About the same as the antivirus except he is not very stealthy about it.

Disclaimer: I do NOT work for Good technology, but was recently asked to research the use of iPhone, WebOS and Droid in my company's enterprise environment and Good is pretty much the very best of the best out there from what I could tell.

Very simple. Liability. I would think it would be possible for a lawyer to make the claim that if Apple's product broke causing the loss, AND that Apple actively blocked --potentially-- better products from working, that they then assumed liability for any damage their original product failed to protect. Right now, liability limitations exist because the user has a choice. "We deny all liability, because you read this and still chose to use our product". But with ACTIVELY suppressing competition, aren't they removing that choice, and hence opening themselves up to liability (Since you had no choice in the first place)?

It can encrypt all data by default and remotely wipe the device, and even end users can get the GPS coordinates of the device if they have MobileMe.

I know this, because I work for an iPhone nut.

If you're a business user, you're using Exchange 2007 with ActiveSync to remotely manage the iPhone and deliver email. If you've got a wish to drive yourself insane, you're also using MobileMe on that same device.

MobileMe has some neat features, but quite frankly it's complete bullshit that those features (Find my iPhone et. al.) are mutually exclusive from a phone with an ActiveSync binding. MobileMe + ActiveSync is highly discouraged by all of the Apple support reps I've spoken with, and to date, my boss has had nothing but nightmares involving the combination of the two.

The iPhone3GS already has built in hardware level encryption of the entire storage device. It also has BSD jails for apps to run inside of and there is the Appstore approval process.

This "software" could not be ordinary software but would rather require Apple opening up the OS to third party extensions which ran at a privileged level above the sandboxes. I just don't see that every happening for a couple of reasons.

1. The Kaspersky software itself could have exploitable flaws and given that it would be running at a higher privilege level than regular apps, that opens up a new attack vector for web based exploits to use.

2. Such software would potentially slow the OS down and cause a significant battery drain for no real gain of protection.

Much has been made about FUD articles that say that other apps can access contacts without asking for permission. No shit sherlock. That is a "feature" of the official API and the app approval process is supposed to ferret out nefarious uses of contact lists. I would hate to see UAC style boxes for apps each time I wanted to see a contact list in a third party app.

You'd better read it again (like I just did). To me, the site is quite agnostic toward jail-breaking, and is no less useful to someone with a non-jailbroken device. I believe I feel the same way about jailbreaking as you do (currently not considering jailbreaking my device, fairly sure I'll never do it), but as another poster has said: There's not a chance in hell that Apple have properly audited all the application for security, and it's flat out impossible they'd be able to do so adequately anyway (they don't audit the source). The App Store is not about that at all.